You should use the default risk policy for the initial period before you start customizing the policy or defining multiple risk policies.

Fine-tuning your policy is an iterative process and should follow this approach:

  1. Train the risk models with production data for 1-3 weeks for workforce usage or 2-4 weeks for customer usage. This should be done with the default risk policy.
  2. Use the Protect dashboards to analyze the results. Identify false positive results, meaning situations that are identified as High risk even though they are legitimate users. Check what is causing these false positives.
  3. Adjust the scores for the different risk predictors in the risk policy to see if you can reduce the incidence of false positives.
    A diagram of the cyclical process of managing your risk policy.